What's Happening?
Researchers from Koi Security have discovered that the FreeVPN.One Chrome extension, initially a legitimate VPN service, has been acting as spyware for the past five months. The extension, which has over 100,000 installs, began capturing screenshots of users' online activity without their consent following an update in April 2025. This covert operation involves injecting scripts into websites to take screenshots and upload them to a server controlled by the extension's developer. The extension's actions raise significant privacy concerns, as it collects sensitive data from users without their knowledge.
Why It's Important?
The transformation of a legitimate VPN extension into spyware highlights the risks associated with browser extensions and the potential for privacy breaches. Users who rely on VPNs for secure browsing are particularly vulnerable, as their trust in these tools can be exploited. This incident underscores the need for vigilance in monitoring extension updates and permissions. It also calls for stricter oversight by app stores to prevent malicious activities and protect user privacy.
What's Next?
Users are advised to uninstall the FreeVPN.One extension and review permissions for other extensions to safeguard their privacy. Google may need to enhance its vetting process for extensions to prevent similar incidents. The discovery could lead to increased scrutiny of browser extensions and prompt developers to prioritize transparency and security in their offerings.
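One way to carry out the permission review suggested above, as an added example that is not code from Koi Security or from the extension: it flags manifests that grant access to every site and lists what an update newly requests. The function names, the choice of flagged permissions and both sample manifests are assumptions constructed for illustration.

```python
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# Assumed watch list: Chrome API permissions worth a second look next to broad host access.
SENSITIVE_APIS = {"tabs", "scripting", "webRequest"}


def granted(manifest):
    """Return (api_permissions, host_patterns) for MV2 or MV3 manifests."""
    perms = set(manifest.get("permissions", []))
    hosts = set(manifest.get("host_permissions", []))  # MV3 lists hosts separately
    hosts |= {p for p in perms if "://" in p or p == "<all_urls>"}  # MV2 mixes them
    return perms - hosts, hosts


def audit_manifest(manifest):
    """Return a list of findings for one parsed manifest.json."""
    apis, hosts = granted(manifest)
    findings = []
    broad = sorted(hosts & BROAD_HOSTS)
    if broad:
        findings.append(f"host access to every site: {broad}")
    for cs in manifest.get("content_scripts", []):
        if set(cs.get("matches", [])) & BROAD_HOSTS:
            findings.append(f"content script injected on every site: {cs.get('js', [])}")
    risky = sorted(apis & SENSITIVE_APIS)
    if broad and risky:
        findings.append(f"broad host access combined with: {risky}")
    return findings


def new_grants(old, new):
    """Permissions and host patterns present in `new` but not in `old`."""
    old_apis, old_hosts = granted(old)
    new_apis, new_hosts = granted(new)
    return sorted((new_apis - old_apis) | (new_hosts - old_hosts))


# Constructed sample manifests (not taken from any real extension).
V1 = {"manifest_version": 3, "permissions": ["proxy", "storage"]}
V2 = {
    "manifest_version": 3,
    "permissions": ["proxy", "storage", "tabs", "scripting"],
    "host_permissions": ["<all_urls>"],
    "content_scripts": [{"matches": ["https://*/*"], "js": ["content.js"]}],
}

if __name__ == "__main__":
    for line in audit_manifest(V2):
        print("FINDING:", line)
    print("NEW IN UPDATE:", new_grants(V1, V2))
```

To check installed extensions, load each `manifest.json` from the browser profile's extensions directory with `json.load` and pass the result to `audit_manifest`.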